How cloud repatriation is reshaping IT in financial services
The conversation is changing for financial institutions. In fact, as these organisations continue their digital transformation journeys, CIO and CFOs, in particular, are finding more common ground and speaking each other’s language.
And this shift is timely. Given the move to cloud has accelerated, many tech leaders in financial services are no longer simply focused on ‘keeping the lights on,’ but in driving innovation.
Certainly, IT in the financial services sector is driving digital transformation, elevating the customer experience, and powering innovative business models for sustainable growth.
Consider these findings: CFOs are now part of the tech decision-making table like never before. CFOs are involved in up to 70% of technology decisions across organisations in Australia and New Zealand — working more closely with CIOs to balance innovation with fiscal responsibility, according to TechRepublic.
The conversation is always changing After years of rapid cloud adoption, many banks, insurers, and fintechs are now thoughtfully reassessing their cloud strategies. In some cases, this includes shifting certain workloads back on-premises or into private cloud environments to better align with their changing needs.
What’s often referred to as cloud repatriation is gaining attention in financial services, as organisations look to rebalance their cloud and on-premises strategies.
Why cloud repatriation is gaining traction in finance
Undoubtedly, the financial sector has always walked a tightrope between embracing innovation and maintaining strict regulatory and operational controls.
For starters, who has responsibility for the regulation and supervision of the Australian financial system?
Responsibility is shared between four agencies: the Australian Prudential Regulation Authority (APRA), the Australian Securities and Investments Commission (ASIC), the Reserve Bank of Australia (RBA), and the Australian Treasury. Together, these bodies make up the Council of Financial Regulators (CFR).
And as regulatory frameworks such as APRA’s Prudential Standard CPS 230 – and global industry standards like Payment Card Industry Data Security Standard (PCI DSS), and the Sarbanes-Oxley Act (SOX) evolve – so too do the requirements around data governance, operational resilience, and risk exposure.
Undoubtedly, these pressures, coupled with rising cloud expenses and performance concerns, are encouraging many financial institutions to take a hybrid IT approach in a bid to balance the benefits of public cloud with the control and predictability of private environments. There will also always be workloads that are not a good long-term fit for the public cloud, particularly those tied to legacy systems or requiring specific performance, compliance, or integration needs. This reinforces the case for a more flexible, hybrid model that aligns technology choices with business realities.
And cloud repatriation—moving workloads back from public cloud to private/on-prem—often leads to or reinforces a hybrid IT strategy.
As we’ve reported, it’s not about abandoning the cloud altogether, but rather rethinking where each workload runs best.
Regulatory scrutiny and repatriation: Staying ahead of compliance
Let’s face it: Financial institutions are among the most heavily regulated organisations in the world.
In Australia, APRA continues to raise the bar with standards like CPS 230, which is slated to take effect July 1, 2025, and places a strong emphasis on operational risk management, third-party oversight, and business continuity.
Interactive’s Toby Paterson explains it this way:
“In the ever-evolving landscape of financial regulations, staying ahead of the curve is paramount. In the wake of high-profile operational risk failures and business disruptions, the need for robust risk management practices has never been more pronounced for Australian businesses at large.
“The introduction of APRA’s Prudential Standard CPS 230 Operational Risk Management is pivotal for APRA-governed organisations. The upcoming changes outlined in the guideline signifies a greater focus on enhancing the overall business resilience of APRA regulated organisations.” - Toby Patterson, Account Executive, Cloud - DCBC Sales, Interactive
Therefore, as regulatory expectations intensify, particularly around operational risk and third-party oversight, many institutions are rethinking their cloud strategies to ensure compliance and resilience.
In fact, cloud environments – particularly public ones – can make compliance more complex. If anything, issues such as data residency, auditability, and shared responsibility models can leave gaps in governance and increase the burden on compliance teams.
What’s more, there’s also a lack of transparency from public cloud providers in terms of how closely customers’ systems are linked and if that poses a credible security risk.
For these reasons, some financial organisations are opting to repatriate sensitive workloads to environments where they have greater control and visibility.
Performance-driven decisions: Repatriating transaction-heavy systems
While cloud platforms offer scalability and global reach, they’re not always ideal for performance-sensitive applications – and there’s a lot of those in financial services. Case in point: Performance-sensitive applications used in real-time trading, payment processing, and fraud detection.
What’s more, latency, data transfer limits, and inconsistent performance can negatively impact customer experience and business outcomes.
So what’s the answer? By repatriating certain high-throughput systems to on-premises infrastructure or private cloud environments, financial institutions can improve latency, throughput, and reliability.
In short, this move enables the financial institutions to tailor infrastructure to meet the specific performance profiles of mission-critical workloads.
Cloud concentration risk and the need for diversification
But there’s one often-overlooked driver of cloud repatriation in financial services: cloud concentration risk.
Gartner has identified cloud concentration risk as one of the top five emerging risks for organisations, highlighting the growing concern among risk executives about the dependence on a single cloud provider for multiple business capabilities.
“The risk associated with cloud concentration is fast losing its ‘emerging’ status as it is becoming a widely recognized risk for most enterprises,” said Ran Xu, director, research in the Gartner Legal Risk & Compliance Practice. “Many organizations are now in a position where they would face severe disruption in the event of the failure of a single provider.”
Certainly, as more institutions centralise operations with a single cloud provider, the risks associated with outages, service degradation, or vendor lock-in become even more significant.
This concern is echoed by regulators and risk managers alike. In response, many organisations are adopting multi-cloud and hybrid IT strategies in a bid to ensure resilience and business continuity.
For some, that means migrating certain systems back to internal data centres or trusted private cloud providers, allowing for greater strategic control and risk diversification.
Balanced approach to modern infrastructure
Like anything in life, it’s all about balance. And there’s no exception with cloud.
That’s why it makes sense for financial services firms to increasingly pursue balanced, hybrid IT environments that combine the agility of cloud with the control of on-premises systems. Ultimately, this model supports smarter workload placement, cost optimisation, and stronger compliance postures.
At Interactive, we support financial institutions in navigating this shift and achieving a balanced approach through a full suite of managed and professional IT services. This includes cloud migration planning, private cloud hosting, compliance alignment, and ongoing infrastructure management. We back this with in-country professional services consultants, who understand local regulatory requirements, and geographically dispersed datacentres that ensure data sovereignty, reliance and high-availability across every workload.
Supporting cloud repatriation in financial services
Understandably, IT leaders face mounting challenges in the financial services realm. So, whether you’re responding to regulatory change, seeking to optimise cloud costs, or improving the performance of critical systems, Interactive can help you assess and execute your cloud repatriation strategy with confidence.
Our Cloud Services are designed to deliver the availability, performance, and compliance financial organisations demand—without sacrificing flexibility.
Explore how Interactive can support your hybrid IT strategy.
